Out-of-bounds write in Linux kernel - CVE-2026-53366
Published: July 17, 2026
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to an out-of-bounds write in __ip_append_data() when processing IPv4 packet data on the paged allocation path. A local user can trigger the faulty length calculations to cause a denial of service.
The issue occurs because fraggap bytes copied from the previous skb are placed into the new skb linear area while the allocation size does not account for those bytes.
How to mitigate CVE-2026-53366
Sources
- https://git.kernel.org/stable/c/77798d7be6ef71e72fb6fc8a2901bf74ebc9706f
- https://git.kernel.org/stable/c/a9c24eda24bd15f432e37824e6fc440977cb241c
- https://git.kernel.org/stable/c/c04d9ece23deb9e26c19f9ca215e98b3295aa1bb
- https://git.kernel.org/stable/c/ce494707a9c07f27c219ca67f3e138061f53d9b3
- https://git.kernel.org/stable/c/eca856950f7cb1a221e02b99d758409f2c5cec42